Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Security Ratings Historical Performance Graph](/sites/default/files/styles/4_3_small/public/2022/07/29/Security%20Ratings%20Historical%20Graph_orig.jpeg.webp?itok=MjrN5Z4o)
Security ratings, or cyber security ratings, are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use Bitsight Security Ratings as a tool to address a variety of critical, interconnected internal and external use cases at scale in order to enable more effective decision making throughout the global business ecosystem.
![Vendor lifecycle management process](/sites/default/files/styles/4_3_small/public/2023/03/16/vendor%20lifecycle%20management%20process%2C%20SIZED.jpg.webp?itok=Sdh_-K8E)
The vendor lifecycle management process involves understanding and remediating third-party risk at every stage of the relationship, from onboarding to offboarding.
![third party vendor risk management for financial institutions](/sites/default/files/styles/4_3_small/public/2023/03/02/third%20party%20vendor%20risk%20management%20for%20financial%20institutions%2C%20SIZED.jpg.webp?itok=4zogLtq9)
Learn how to automate and streamline the process for third-party vendor risk management at financial institutions.
![vendor risk management reporting](/sites/default/files/styles/4_3_small/public/2023/03/08/vendor%20risk%20management%20reporting.jpg.webp?itok=a795KLwC)
Presenting results is the key to showing the value of your vendor risk management efforts. These 7 reports will effectively communicate your wins.
![iso 27001 requirements vendor risk management](/sites/default/files/styles/4_3_small/public/2023/02/24/iso%2027001%20requirements%20vendor%20risk%20management.jpg.webp?itok=G6w3kWFF)
Learn what ISO 27001 controls apply to vendor risk management and how to successfully map them to your VRM framework.
![what is tprm](/sites/default/files/styles/4_3_small/public/2023/02/10/what%20is%20tprm.jpg.webp?itok=RlxIAxxc)
Third party risk management is trending following major data breaches affecting organizations through their vendors. But what is TPRM?
![What Is Digital Supply Chain Management?](/sites/default/files/styles/4_3_small/public/migration/images/what-is-digital-supply-chain-management_1.jpeg.webp?itok=joKcTfoO)
You may have heard the term “digital supply chain management” being used to describe an emerging business function. But what exactly is a digital supply chain, and how is one supposed to manage it?
![BitSight Google Cloud](/sites/default/files/styles/4_3_small/public/2023/01/18/BitSight%2BGCloud_blog.png.webp?itok=cK_4Bi6H)
Bitsight is partnering with Google Cloud to provide customers with a centralized repository of Google Cloud questionnaires, certifications, and documentation, now available through Bitsight Vendor Risk Management. Learn more about the partnership in our blog.
![vendor risk management questions for third party vendor](/sites/default/files/styles/4_3_small/public/2022/12/29/vendor-risk-management-questions-for-third-party-vendor.jpg.webp?itok=M2et8Viv)
Third-party vendors need to be properly evaluated before entering your data ecosystem. Use these questions in your vendor risk management program.
![vendor risk management questionnaires](/sites/default/files/styles/4_3_small/public/2023/01/10/vendor%20risk%20management%20questionnaires.jpg.webp?itok=02ZKoXsI)
We explore the most common security questionnaires and how to integrate them into your overall VRM process.
![questions before buying vrm tool](/sites/default/files/styles/4_3_small/public/2023/01/10/questions%20before%20buying%20vrm%20tool.jpg.webp?itok=Mq3wKpbK)
These questions will help you choose the best VRM tool that will take your program to the next level.
![What is Vendor Risk Management (VRM)?](/sites/default/files/styles/4_3_small/public/migration/images/Vendor%2520Risk%2520Management%2520Definition%2520-%2520FB%2520Social%2520Graphic%2520Main%2520Blog%2520Image_1.jpg.webp?itok=VhW-jURH)
Vendor Risk Management is the practice of evaluating business partners, suppliers, or third-party vendors both before a business relationship is established and during the duration of your business contract. This is an important concept and practice to put in place during the evaluation of your vendors and the procurement process.
![why vendor risk management is critical](/sites/default/files/styles/4_3_small/public/2022/12/06/3-reasons-vendor-risk-management-scaled-1-2048x1536_0.jpeg.webp?itok=R_n_b7Oi)
New outsourcing opportunities may present themselves as you build next year’s strategy, making Vendor Risk Management (VRM) critical for three main reasons.
![spend end of year budget](/sites/default/files/styles/4_3_small/public/2022/11/24/end%20of%20year%20budget%20spend.png.webp?itok=WDy219Ds)
Wondering how to leverage your remaining funds? As you decide how to use your end of year budget, ask yourself these questions.
![What Is Sensitive Data & Why You Need To Protect It](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1033113025_1.jpg.webp?itok=MWSw8lrO)
As a security professional navigating the new challenges 2020 is bringing to cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your third parties would expect to be private and protected. Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.